MiCA Licence in France 2026

Regulatory timeline from PACTE and PSAN to MiCA in France

France regulated crypto earlier than many EU states through the PACTE law of 2019, which created the PSAN framework. That made France one of the first major EU jurisdictions with a dedicated national regime for digital asset service providers. The first PSAN registrations followed in 2020, and for several years the market used “French crypto license” and “PSAN registration” almost synonymously.

The legal landscape changed at EU level when Regulation (EU) 2023/1114 was published in the Official Journal of the European Union on 9 June 2023 and entered into force on 29 June 2023. MiCA then applied in phases:

• 30 June 2024 — the regime for ARTs and EMTs became applicable;
• 30 December 2024 — the broader CASP regime became applicable across the EU;
• up to 1 July 2026 — possible end-point of national transitional arrangements, depending on Member State choices.

For applicants in France, each date has a different consequence. The PACTE date explains why France has a legacy national vocabulary. The MiCA entry-into-force date explains the legal source. The 30 December 2024 date explains why new operational planning must now be MiCA-native. The 1 July 2026 horizon explains why existing PSAN businesses cannot assume indefinite grandfathering.

One practical nuance often missed: the transition period is not a free pass to delay operational remediation. In real files, the hardest work is not the legal label change from PSAN to MiCA. It is the upgrade of safeguarding, Travel Rule interoperability, outsourcing governance, DORA-era ICT controls, and regulator-grade evidence.

Who needs a MiCA licence in France

If your business provides regulated crypto-asset services in or from France, you likely need MiCA authorisation. The core question is not whether you call yourself an exchange, wallet, broker, or platform. The real question is whether your activity falls within the regulated CASP service perimeter.

Businesses commonly requiring authorisation include those providing:

• custody and administration of crypto-assets on behalf of clients;
• exchange of crypto-assets for funds;
• exchange of crypto-assets for other crypto-assets;
• execution of orders on behalf of clients;
• reception and transmission of orders;
• placing of crypto-assets;
• transfer services for crypto-assets on behalf of clients;
• advice on crypto-assets;
• portfolio management on crypto-assets;
• operation of a trading platform for crypto-assets.

Founders often under-scope their activity. For example, a “non-custodial” business may still trigger licensing if it executes client orders, arranges transfers, or controls critical transaction flow. A “technology provider” may still be within scope if it is functionally providing regulated services rather than pure software. Likewise, staking, lending, DeFi interfaces, and token launch models often require separate legal analysis rather than assumptions.

Activities that may fall outside MiCA or require separate classification include financial instruments under MiFID II, some NFT models, and fully decentralised arrangements where no identifiable intermediary provides the service. But these are not blanket exemptions. In France, regulators look at economic reality, control, and client-facing function, not only the label used on the website.

Travel Rule, safeguarding and client asset protection

MiCA authorisation in France must be read together with the EU Travel Rule and with safeguarding obligations. The Travel Rule is governed primarily by Regulation (EU) 2023/1113, not by MiCA itself. In practice, however, the two regimes meet inside the same operating model. If your company cannot implement compliant transfer controls, your MiCA file is weaker.

For crypto transfers, CASPs must collect, verify where required, and transmit originator and beneficiary information in line with the EU framework. In operational terms, that usually means:

• Travel Rule policy mapped to transfer types and risk categories;
• counterparty CASP identification and interoperability procedures;
• use of structured data standards such as IVMS101;
• controls for transfers involving unhosted wallets, including risk scoring and enhanced review where appropriate;
• screening of wallet addresses and counterparties before release of funds or crypto-assets.

On safeguarding, regulators expect more than the phrase “client assets are segregated.” They expect a control environment:

• clear distinction between client and proprietary wallets;
• daily reconciliation and break management;
• documented custody chain and key-management model;
• incident ownership and client-notification logic;
• for client fiat received in connection with services, placement with a bank or central bank by the end of the next business day where applicable.

A practical point that often improves approval prospects: show the regulator a visual flow of onboarding → wallet screening → transfer data exchange → execution → reconciliation → reporting. Files that make the operational chain visible are easier to assess and usually attract better-quality questions.

RUE integrates Travel Rule design, safeguarding controls, and banking architecture into one workstream, because these issues fail together if they are built separately.

Stablecoins, token issuance and white paper obligations

A CASP authorisation is not the same thing as issuer compliance. If your business in France plans to issue tokens, facilitate a public offer, or operate around stablecoin structures, you may need analysis beyond the CASP perimeter.

MiCA distinguishes between:

• ARTs (asset-referenced tokens);
• EMTs (e-money tokens);
• other crypto-assets that may trigger white paper obligations.

The issuer framework can involve additional obligations around authorisation, disclosure, reserve assets, governance, redemption rights, and supervisory engagement. EBA becomes especially relevant for significant ARTs and EMTs, while ECB may also matter in the broader policy environment for payment-like token structures.

For founders, the key practical rule is simple: running an exchange or custody business does not automatically authorise you to issue a compliant stablecoin. Likewise, publishing a token white paper does not replace the need for CASP authorisation if you also provide regulated services. The two analyses overlap, but they are not the same.

France-based projects should also be careful with token classification at the boundary with MiFID II. If the token qualifies as a financial instrument, MiCA may not be the governing regime for that instrument at all. That boundary question should be resolved before the dossier is finalised, because it affects licensing scope, disclosures, and investor communication.

Document checklist for a MiCA licence in France

Regulators usually read the business plan, governance file, AML framework, safeguarding model, and ICT architecture first. A strong France MiCA dossier typically includes the following core document groups:

• corporate documents — incorporation papers, statutes, shareholder register, group chart;
• ownership file — UBO analysis, source of funds, source of wealth where relevant;
• business plan — services, target clients, countries, revenue logic, launch roadmap;
• financial model — multi-year projections, capital adequacy logic, cost assumptions, liquidity planning;
• governance pack — board structure, delegated authorities, fit-and-proper evidence, conflict controls;
• AML/CFT framework — risk assessment, KYC/KYB, EDD, sanctions, monitoring, escalation, Tracfin logic;
• Travel Rule pack — TFR policy, data model, IVMS101 or equivalent connectivity approach, unhosted wallet controls;
• safeguarding framework — custody model, segregation, reconciliation, fiat safeguarding flow, incident handling;
• outsourcing register — critical vendors, oversight, SLAs, audit rights, concentration risk, exit plans;
• ICT and security file — system architecture, access control, logging, key management, incident response, BCP/DR;
• complaints and conduct policies — complaints handling, disclosures, client communications, conflicts management;
• wind-down plan — orderly cessation, client protection, asset return, record preservation.

One practical nuance: if your model includes APIs, embedded finance, white-label services, or third-party wallet infrastructure, the dossier should include a clear responsibility map showing which entity controls each regulated function. This is often where technically sophisticated founders lose regulatory clarity.

RUE prepares these documents as an integrated package rather than isolated templates, because inconsistencies between the business plan, AML file, and ICT file are a common source of delay.